Nirmata Documentation
AI and Infrastructure Governance Platform
Identity-aware policy enforcement, AI agent governance, and runtime authorization across every control point — built on Kyverno.
From the team that created Kyverno — the CNCF Graduated project with 7K+ GitHub stars, trusted by thousands of organizations worldwide
Our Products
Platform tools for policy governance, CLI operations, and enterprise Kubernetes
Nirmata Control Hub
Unified control plane for managing policy governance across Kubernetes clusters, IaC, CI/CD pipelines, and cloud resources. Provides identity context, policy management, guardrails, context graph, observability, and exception handling.
Nirmata CLI (nctl)
Command-line tool for managing policies, clusters, AI agents, and governance workflows. The primary interface for the Nirmata Assistant and all platform automation.
Nirmata Enterprise for Kyverno
Enterprise Kyverno distribution with LTS support, SLAs, and FIPS compliance. Enforce policies at admission time across all Kubernetes clusters with extended support and enterprise features.
AI Agents
Autonomous governance agents — remediate, optimize, audit, and recommend across your platform
Nirmata Assistant
Security-first AI assistant for platform engineers. 15+ specialized skills via CLI — generate policies, write tests, and get instant governance help from your terminal.
Cloud Agents
On-demand, scheduled AI agents that run in the cloud. Perform automated audits, compliance scans, and governance tasks on a schedule without in-cluster installation.
Service Agents
Autonomous in-cluster agents for 24/7 monitoring and remediation. Deploy once and let them continuously enforce governance, detect drift, and open GitOps PRs with AI-generated fixes.
Policy Control Points
Identity-aware policy enforcement, runtime authorization, reporting, and exceptions — built on Kyverno + Kyverno AuthZ
Kubernetes Control Point
Enforce policies at admission time across all Kubernetes clusters with Kyverno. Includes Nirmata Enterprise for Kyverno — the enterprise Kyverno distribution with LTS and SLAs.
Pipeline Control Point
Shift-left policy checks in GitHub Actions, GitLab CI, Jenkins, and Bitbucket pipelines using nctl. Catch policy violations before they reach production.
Terraform Control Point
Policy enforcement for Terraform Cloud workspaces via the Nirmata Terraform Controller. Block or warn on non-compliant infrastructure.
AI Control Point (In Private Preview)
Identity-aware governance for LLM access. Enforce who can call which model, enforce session budgets pre-call, and maintain a full audit trail — powered by Kyverno CEL.
Authz Control Point (In Private Preview)
Runtime authorization for Kubernetes and cloud services using Kyverno AuthZ. Identity-aware, policy-driven authorization decisions with full audit trails.
Cloud Control Point
Continuous posture management and admission control for AWS, GCP, and Azure with Nirmata Control Hub.
Release Notes
Latest updates across Nirmata Control Hub, Nirmata Enterprise for Kyverno, and nctl.
Nirmata Policy Library
An extensive, open-source collection of 500+ Kyverno policies for security, compliance, and best practices — maintained by Nirmata, trusted by the Kubernetes community.
- Pod Security Standards (Baseline & Restricted)
- RBAC hardening and least-privilege enforcement
- Image signing, provenance, and supply chain security
- CIS Kubernetes Benchmark controls
- NSA/CISA Kubernetes Hardening Guidance